Download
software change impact analysis n.
Skip this Video
Loading SlideShow in 5 Seconds..
Software Change Impact Analysis PowerPoint Presentation
Download Presentation
Software Change Impact Analysis

Software Change Impact Analysis

1321 Views Download Presentation
Download Presentation

Software Change Impact Analysis

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Software Change Impact Analysis Software and Complex Electronic Hardware Standardization Conference Brenda S. Ocker, Software Technical Specialist July 28, 2005

  2. Presentation Overview • Background • Purpose • Definition of Major and Minor • Components of CIA • Process • Example • Summary

  3. History • Notice 8110.85, “Guidelines for the Oversight of Software Change Impact Analyses used to Classify Software Changes as Major or Minor” • Order 8110.49, Chapter 11

  4. Purpose of CIA • Determine the impact of the change on the system • Assure that safety is not adversely affected • Determine the rework and reverification required • Determine the extent of certification authority involvement in the change

  5. Definition of Major and Minor Change • 21.93(a) • Type Certificate • Supplemental Type Certificate • Parts Manufacturer Approval • 21.611(b) • Technical Standard Order (TSO)

  6. Definition of Major and Minor Change • Per 14 CFR 21.93(a): • A minor change has “no appreciable effect on the weight, balance, structural strength, reliability, operational characteristics, or other characteristics affecting the airworthiness of the product” • All other changes are considered major

  7. Definition of Major and Minor Change • Per 14 CFR 21.611(b): • A major change is a design change that is “extensive enough to require a substantially complete investigation to determine compliance with a TSO” • All other changes are considered minor • A minor change to the TSOA could have a major affect on the aircraft

  8. Types of Software Changes • Pre-Certification • During software development/before software approval • Change control in place • Problem reporting & correction in place • Re-verification in place • Addressed in DO-178B, Sections 7 & 8

  9. Types of Software Changes • Post-Certification • After software approval and product certification • Addressed in DO-178B, Section 12.1 • Order 8110.49 Chapter 11 focuses on the post-certification change

  10. Components of a CIA • Identify software change • Perform analyses to assess the effect of the change • Identify life cycle data to be updated • Identify verification activities to be performed

  11. Components of a CIA • Traceability Analysis • Requirements and Design • Code • Test Cases and Procedures • Memory Margin Analysis • Timing Margin Analysis • Data Flow Analysis • Control Flow Analysis

  12. Components of a CIA • Input/Output Analysis • Development Environment and Process Analyses • Operational Characteristics Analysis • Certification Maintenance Requirements Analysis • Partitioning Analysis

  13. Components of a CIA • Traceability Analysis • Requirements & Design Analysis • Identify affected requirements and architecture • Identify new functions and affect on existing functions • Code Analysis • Identify affected software components and interfaces • Identify new software components and interfaces • Test Cases and Procedures Analysis • Identify specific cases and procedures to be repeated to verify changes • Modify existing and/or add new test cases and procedures to verify added functionality • Verify no adverse effects result from changes

  14. Components of a CIA • Memory Margin Analysis • Assure memory allocation requirements and margins are maintained • Examples of tasks: • Estimate change to flash memory • Estimate change to RAM • Evaluate memory margins

  15. Components of a CIA • Timing Margin Analysis • Assure timing margin issues are not introduced due to the change • Examples of tasks: • Review timing requirements • Review CPU task scheduling requirements • Review interface timing requirements • Review changes to the timing margins (usually want at least 10% margin) • Review throughput change for each task

  16. Components of a CIA • Data & Control Flow Analysis • Assess changes in data & control flow and coupling between software components • Evaluate any adverse affects due to the change • Required for Levels A, B, and C software

  17. Components of a CIA • Input/Output (I/O) Analysis • Evaluate impact of the change on the interface with the external world • Examples of tasks: • Bus loading • External databus I/O • External hardwire I/O • Access to memory • Communication with hardware

  18. Components of a CIA • Development Environment and Process Analyses • Identify changes in the environment or process that might have adverse affects on the system • Examples include changes to: • Compilers • Linkers • Loaders • Tools

  19. Components of a CIA • Operational Characteristics Analysis • Identify adverse effects in the operational environment due to software changes. • Examples of changes that could affect the operation of the product: • Gain changes • Limit changes • Filter changes • Interrupt changes • Exception handling changes • Fault mitigation changes

  20. Components of a CIA • Certification Maintenance Requirements (CMR) Analysis • Determine if the software change requires new or modified CMR • Example: • Assume the software change to the anti-skid systems increases the time that the brakes are applied during landing. This could result in more frequent maintenance of the brakes and tires.

  21. Components of a CIA • Partitioning Analysis • Determine the affect of the software change on the protective mechanisms

  22. Components of a CIA • Focus on the potential adverse affects • Changes to safety-related information • Safety-related requirements (including derived requirements) are changed • Changes in operational or procedural characteristics of the aircraft • Changes to flight crew procedures or increase in pilot workload • Added functions • Different processors, interfaces, and other hardware components or environment • Significant changes to life cycle data

  23. Components of a CIA • Identify life cycle data to be updated • Identify verification activities to be performed

  24. Components of a CIA • CIAs come in many forms • Extent of analysis depends on the change size and affected items • Enough detail to support the major or minor classification • Should be revised if the scope of the software change changes

  25. CIA Process Start ApprovedClassificationProcedure? NO YES Work with ACO to classify Follow Procedure Change Major? NO YES ACO involved ACO not involved

  26. Approved Classification Procedures • Approved procedures in place to classify changes as major or minor • Procedures should contain a process for: • Using CIA to classify change • Reviewing/approving the classification • Addressing minor changes • Addressing major changes • Informing FAA of all changes and proposed classifications • Obtaining FAA concurrence on proposed classification

  27. No Classification Procedures • FAA more involved • Applicant performs CIA • Applicant proposes classification (major or minor) to FAA • FAA reviews/accepts/modifies the classification • Applicant & FAA follow procedures for major or minor changes, as applicable

  28. Minor Changes • Change performed without FAA involvement • Data updated, as required • Software Accomplishment Summary (SAS), Software Configuration Index (SCI), and/or other documents submitted to FAA on a periodic basis

  29. Major Changes • FAA and/or DER involved • PSAC and/or CIA submitted to FAA as agreed upon • SAS, SCI, and/or other agreed upon data submitted to ACO • ACO and/or DER reviews and approves data, as needed

  30. Special Considerations for TSO Equipment • A minor change to the TSOA could have a major affect on the aircraft • TSOA Holder should consider the intended installation when performing the CIA • Installer also needs to perform CIA to address the effect of the change on the specific aircraft installation

  31. Requirement ChangeExample • Change Requirement • New • Modified • Deleted • Most common type of change • Applicant’s and FAA’s role in the CIA process

  32. Requirement Change:Applicant’s Responsibilities • Perform CIA to assure that the new or changed requirement: • Does not conflict with other requirements • Is unambiguously stated and verifiable • Is verified to meet requirements of software level • Achieves desired functionality

  33. Requirement Change:Applicant’s Responsibilities • Assure that the following are completed, as needed: • Update the software architecture • Change prologue headers • Review changes against standards • Update traceability (both forward and backward)

  34. Requirement Change:Applicant’s Responsibilities • Examine data elements to assure that new or changed code does not negatively impact existing functionality by: • Examining all areas of the code that use the same variables as those in the changed or new code • Re-examining variable declarations and interfaces • Examining control flow to assure that the change does not negatively impact execution sequence or timing

  35. Requirement Change:Applicant’s Responsibilities • Assure that: • Verification test cases for new and changed requirements exist • All requirements-based tests (normal and robust) that trace to new or changed requirements are run or re-run • Structural coverage is achieved for new or changed area, and still achieved for areas of code with dependencies • Verification record that documents the regression analysis exists

  36. Requirement Change:FAA’s Responsibilities • Review CIA, as needed • Oversee the applicant’s activities, when the change is major • Oversee designees • Perform on-site or desk-top reviews, as needed

  37. Additional Information • View the “Software Change Impact Analysis” Video • Available through FAA Web-site:http://www.faa.gov/certification/aircraft/ • Link to “Aircraft Certification Software” on lower right hand side of page

  38. Summary • Determine the impact of the change on the system • Assure that safety is not adversely affected • Determine the rework and reverification required • Determine the extent of certification authority involvement in the change